#define QEMU_NBD_OPT_TLSCREDS 261
#define QEMU_NBD_OPT_IMAGE_OPTS 262
#define QEMU_NBD_OPT_FORK 263
+#define QEMU_NBD_OPT_TLSAUTHZ 264
#define MBR_SIZE 512
static int nb_fds;
static QIONetListener *server;
static QCryptoTLSCreds *tlscreds;
+static const char *tlsauthz;
static void usage(const char *name)
{
" --object type,id=ID,... define an object such as 'secret' for providing\n"
" passwords and/or encryption keys\n"
" --tls-creds=ID use id of an earlier --object to provide TLS\n"
+" --tls-authz=ID use id of an earlier --object to provide\n"
+" authorization\n"
" -T, --trace [[enable=]<pattern>][,events=<file>][,file=<file>]\n"
" specify tracing options\n"
" --fork fork off the server process and exit the parent\n"
printf(" description: %s\n", list[i].description);
}
if (list[i].flags & NBD_FLAG_HAS_FLAGS) {
+ static const char *const flag_names[] = {
+ [NBD_FLAG_READ_ONLY_BIT] = "readonly",
+ [NBD_FLAG_SEND_FLUSH_BIT] = "flush",
+ [NBD_FLAG_SEND_FUA_BIT] = "fua",
+ [NBD_FLAG_ROTATIONAL_BIT] = "rotational",
+ [NBD_FLAG_SEND_TRIM_BIT] = "trim",
+ [NBD_FLAG_SEND_WRITE_ZEROES_BIT] = "zeroes",
+ [NBD_FLAG_SEND_DF_BIT] = "df",
+ [NBD_FLAG_CAN_MULTI_CONN_BIT] = "multi",
+ [NBD_FLAG_SEND_RESIZE_BIT] = "resize",
+ [NBD_FLAG_SEND_CACHE_BIT] = "cache",
+ };
+
printf(" size: %" PRIu64 "\n", list[i].size);
printf(" flags: 0x%x (", list[i].flags);
- if (list[i].flags & NBD_FLAG_READ_ONLY) {
- printf(" readonly");
- }
- if (list[i].flags & NBD_FLAG_SEND_FLUSH) {
- printf(" flush");
- }
- if (list[i].flags & NBD_FLAG_SEND_FUA) {
- printf(" fua");
- }
- if (list[i].flags & NBD_FLAG_ROTATIONAL) {
- printf(" rotational");
- }
- if (list[i].flags & NBD_FLAG_SEND_TRIM) {
- printf(" trim");
- }
- if (list[i].flags & NBD_FLAG_SEND_WRITE_ZEROES) {
- printf(" zeroes");
- }
- if (list[i].flags & NBD_FLAG_SEND_DF) {
- printf(" df");
- }
- if (list[i].flags & NBD_FLAG_CAN_MULTI_CONN) {
- printf(" multi");
- }
- if (list[i].flags & NBD_FLAG_SEND_RESIZE) {
- printf(" resize");
- }
- if (list[i].flags & NBD_FLAG_SEND_CACHE) {
- printf(" cache");
+ for (size_t bit = 0; bit < ARRAY_SIZE(flag_names); bit++) {
+ if (flag_names[bit] && (list[i].flags & (1 << bit))) {
+ printf(" %s", flag_names[bit]);
+ }
}
printf(" )\n");
}
nb_fds++;
nbd_update_server_watch();
- nbd_client_new(cioc, tlscreds, NULL, nbd_client_closed);
+ nbd_client_new(cioc, tlscreds, tlsauthz, nbd_client_closed);
}
static void nbd_update_server_watch(void)
{ "export-name", required_argument, NULL, 'x' },
{ "description", required_argument, NULL, 'D' },
{ "tls-creds", required_argument, NULL, QEMU_NBD_OPT_TLSCREDS },
+ { "tls-authz", required_argument, NULL, QEMU_NBD_OPT_TLSAUTHZ },
{ "image-opts", no_argument, NULL, QEMU_NBD_OPT_IMAGE_OPTS },
{ "trace", required_argument, NULL, 'T' },
{ "fork", no_argument, NULL, QEMU_NBD_OPT_FORK },
signal(SIGPIPE, SIG_IGN);
#endif
+ error_init(argv[0]);
module_call_init(MODULE_INIT_TRACE);
- error_set_progname(argv[0]);
qcrypto_init(&error_fatal);
module_call_init(MODULE_INIT_QOM);
flags &= ~BDRV_O_RDWR;
break;
case 'P':
+ warn_report("The '-P' option is deprecated; use --image-opts with "
+ "a raw device wrapper for subset exports instead");
if (qemu_strtoi(optarg, NULL, 0, &partition) < 0 ||
partition < 1 || partition > 8) {
error_report("Invalid partition '%s'", optarg);
g_free(trace_file);
trace_file = trace_opt_parse(optarg);
break;
+ case QEMU_NBD_OPT_TLSAUTHZ:
+ tlsauthz = optarg;
+ break;
case QEMU_NBD_OPT_FORK:
fork_process = true;
break;
error_report("TLS is not supported with a host device");
exit(EXIT_FAILURE);
}
+ if (tlsauthz && list) {
+ error_report("TLS authorization is incompatible with export list");
+ exit(EXIT_FAILURE);
+ }
tlscreds = nbd_get_tls_creds(tlscredsid, list, &local_err);
if (local_err) {
error_report("Failed to get TLS creds %s",
error_get_pretty(local_err));
exit(EXIT_FAILURE);
}
+ } else {
+ if (tlsauthz) {
+ error_report("--tls-authz is not permitted without --tls-creds");
+ exit(EXIT_FAILURE);
+ }
}
if (list) {